Andrew’s Tech*Ed Blog

No, I’m Not at the Pool!

SharePoint Support of Encryption

OK – well, I went to a session that said “Q&A with SharePoint Architects – A Panel Discussion”.

So, I tried my question again (hoping for better results than my last attempt in the community lounge).

Question:

  • I work in the financial services industry, and more and more of our customers are requiring that all of our data (primarily at rest) be encrypted. We have a large investment in SharePoint. What options do we have in order to meet our customers’ security needs?

Answer:

  • Use SQL Server 2008 (when RTM’d), because its Transparent Data Encryption (TDE) will encrypt the database at the disk level. This should address the “data at rest” part of the issue.
  • In order to address the transaction-level security, use SSL between SharePoint and SQL Server.

So, my initial impression is that this may meet the needs of our customers, but I will need to vet this out further with Speas. I still need to work on how to prevent people from taking the data out of SharePoint with them when the data is not in a format covered by IRM.

FOLLOWUP:  So, What Exactly is Transparent Data Encryption in SQL Server 2008?

  Here’s the official verbiage from Microsoft:

“Transparent data encryption (TDE) performs real-time I/O encryption and decryption of the data and log files. The encryption uses a database encryption key (DEK), which is stored in the database boot record for availability during recovery. The DEK is a symmetric key secured by using a certificate stored in the master database of the server or an asymmetric key protected by an EKM module. TDE protects data “at rest”, meaning the data and log files. It provides the ability to comply with many laws, regulations, and guidelines established in various industries. This enables software developers to encrypt data by using AES and 3DES encryption algorithms without changing existing applications.”
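The key hierarchy in that description (a certificate in master protecting the DEK, and the DEK encrypting the data and log files), written out as T-SQL with checks for both halves of the panel's answer. This is an added example, not from the session or from Microsoft's text; the database name, certificate name, file paths and passwords are placeholders.

```sql
-- Added example. WSS_Content_Example, TdeServerCert, the C:\KeyBackup paths
-- and the passwords are placeholders, not values from the post.

USE master;
GO
-- 1. Database master key in master: protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-strong-password-1>';
GO
-- 2. The "certificate stored in the master database" that secures the DEK.
CREATE CERTIFICATE TdeServerCert WITH SUBJECT = 'TDE certificate (example)';
GO
-- 3. Back up the certificate and private key before turning encryption on.
--    Without them, the database and its backups cannot be restored elsewhere.
BACKUP CERTIFICATE TdeServerCert
    TO FILE = 'C:\KeyBackup\TdeServerCert.cer'
    WITH PRIVATE KEY (
        FILE = 'C:\KeyBackup\TdeServerCert.pvk',
        ENCRYPTION BY PASSWORD = '<placeholder-strong-password-2>');
GO
-- 4. Create the DEK inside the content database and enable TDE.
USE WSS_Content_Example;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeServerCert;
GO
ALTER DATABASE WSS_Content_Example SET ENCRYPTION ON;
GO
-- 5. Verify data at rest: encryption_state 2 = encryption in progress,
--    3 = encrypted. tempdb appears here too once any database uses TDE.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state, percent_complete, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;

-- 6. Verify data in transit: encrypt_option is 'TRUE' only for sessions
--    that negotiated SSL between the client (SharePoint) and SQL Server.
SELECT session_id, client_net_address, net_transport, encrypt_option
FROM sys.dm_exec_connections;
```

TDE covers the files on disk and the backups taken from them; a user who is authorized to query or download content still receives it decrypted, which is the open IRM question above.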

June 12, 2008 | Tech*Ed 2008